Singapore’s Shared Responsibility Framework (SRF) for Phishing was launched today and formally implemented by the Monetary Authority of Singapore (MAS) and the Infocomm Media Development Authority of Singapore (IMDA). The framework is consultation Effective today, October 25, 2023.
Fraud incidents that occurred after the start of SRF operation falls within the defined range This will be considered. The SRF will now assign relevant obligations to financial institutions (FIs) and telecommunications companies (telcos) to mitigate phishing scams, with the expectation of payment to affected fraud victims if these obligations are breached. We plan to set up
The SRF will be an integral component of a broader network of upstream and downstream efforts developed by governments, financial institutions, telcos and other ecosystem actors to more effectively combat fraud here.
Besides the SRF, banks also have their own voluntary bona fide frameworks to support fraud victims. The Government will continue to work with financial institutions and telecommunications companies on other anti-fraud initiatives to keep pace with the evolving fraud landscape.
Main purpose of the shared responsibility framework
SRF has three main purposes. The first is to maintain confidence in digital payments and banking in Singapore. The threat of fraud and the associated losses can erode public trust, especially when account credentials are stolen through digital fraud, leading to fraudulent transactions.
The SRF aligns with other industry-wide anti-fraud efforts to protect consumer interests and establishes clear anti-fraud obligations for financial institutions and telecommunications companies to tackle phishing scams.
Second, the SRF aims to increase accountability to consumers for fraud losses. Although financial institutions and telecommunications companies are accountable to regulators for implementing anti-fraud measures, there is currently no framework in place to hold them directly accountable to consumers for losses caused by their lapses.
The SRF makes clear that if a financial institution or telecommunications company fails to meet its prescribed fraud prevention obligations, it should be held liable for fraud losses ahead of consumers.
Finally, the SRF aims to emphasize the responsibility of individuals to remain vigilant against fraud. After all, a vigilant public is the first line of defense. Individuals should practice good cyber hygiene and avoid sharing credentials. The SRF provides a clear framework for sharing responsibility for fraud losses among parties in well-defined fraud scenarios.
How does SRF work?
Types of phishing scams covered by SRF
SRF uses digital links to cover phishing scams. This happens when consumers unknowingly expose themselves to scammers by clicking on phishing links or entering their credentials on a fake platform. Fraudsters use these credentials for fraudulent transactions.
Why is it a scam anyway? SRF focuses on phishing scams that are common in Singapore and often result in fraudulent transactions. You can set clear obligations for stakeholders to reduce the risk of phishing.
Phishing scams are subject to SRF and therefore require a clear link to Singapore. The impersonated entity must be based in Singapore or provide services to Singapore residents. Consumers are always encouraged to verify the legitimacy of the digital platforms they interact with.
Limiting the scope of the SRF to digital fraud with links to Singapore is consistent with maintaining confidence in digital payments and banking.
Phishing scams not covered by SRF
Exclusions under the SRF include scams such as investment scams and romance scams where the victim authorizes the payment, but the transaction was not intended; misunderstood About its purpose. These scams require a different approach. why? These do not directly undermine trust in digital banking and can occur outside the digital world as well.
Similarly, the fraud that victims get deceived Directly sharing credentials via text, phone call, or in-person interaction is not covered. Public education has repeatedly emphasized that we will never share credentials or OTPs under any circumstances.
Finally, the SRF does not cover fraudulent fraud not related to phishing, such as hacking, identity theft, or malware-related fraud, despite growing concern.
The SRF focuses on common fraud types with clearly defined stakeholder obligations. As malware scams evolve, it is premature to assign specific responsibility. However, government agencies and banks are proactively addressing malware scams, and banks are taking a more aggressive approach to making goodwill payments to affected customers.
For fraud outside the scope of the SRF, consumers can still seek redress by requesting a goodwill payment evaluation from their financial institution (FI) or by filing a dispute with the Financial Industry Dispute Resolution Center (FIDReC). can.
Featured image credit: Edited from freepic
